Vote for the talks you want to see and the speakers you want to meet at #HITBGSEC in Singapore! Voting ends 31st July

Featured Slideshow

A researcher is advising drivers not to use a mobile app for General Motors Co's (GM.N) OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars... read more

Apple on Thursday released a second beta build of its upcoming OS X 10.10.5 Yosemite update to developers for testing, including what appears to be only minor tweaks and bug fixes. The latest beta,... read more

A senior IT professional who was a trusted employee of a top Silicon Valley law firm is headed to prison.Dimitry Braverman was arrested last year at his home in San Mateo, California. The 42-year-old... read more

Journalists and citizens living under repressive regimes alike depend on the encrypted Tor browser to surf the web anonymously. But in certain cases, an attacker can figure out which dark web site a... read more

Russian hackers have figured out a way to use Twitter to communicate with malware that’s infected target computers, allowing them to cover their tracks while making their way into confidential... read more

You are here

Microsoft confirms zero-day bug in IE6, IE7 and IE8

Microsoft has confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug -- or "zero-day" vulnerability -- that is being used by attackers to hijack victims' Windows computers.

The company is "working around the clock" on a patch, its engineers said. They have also released a preliminary workaround that will protect affected IE customers until the update is ready.

In a security advisory issued Dec. 29, Microsoft acknowledged that attacks are taking place. "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," the alert stated. Newer versions of IE, including 2011's IE9 and this year's IE10, are not affected, Microsoft said. It urged those able to upgrade to do so.